Failed to create secret Post "http://localhost:8080/api/v1/namespaces/keycloak-test/secrets?fieldManager=kubectl-create&fieldValidation=Strict"

huangapple go评论63阅读模式
英文:

Failed to create secret Post "http://localhost:8080/api/v1/namespaces/keycloak-test/secrets?fieldManager=kubectl-create&fieldValidation=Strict"

问题

我是新手 Kubernetes。我只是尝试使用 kubectl 创建一个 TLS 密钥。我的最终目标是在 Kubernetes 中部署 Keycloak 集群。

所以我按照这个YouTube 教程。但在这个教程中没有提到如何生成我的 TLS 密钥和 TLS 证书。所以为了做到这一点,我使用了这个文档 (https://www.linode.com/docs/guides/create-a-self-signed-tls-certificate/)。

然后我可以生成 MyCertTLS.crt 和 MyKeyTLS.key

gayan@Gayan:/srv$ cd certs
gayan@Gayan:/srv/certs$ ls
MyCertTLS.crt  MyKeyTLS.key

要为 Kubernetes 创建密钥密钥,我运行了这个命令

sudo kubectl create secret tls my-tls --key="MyKeyTLS.key" --cert="MyCertTLS.crt" -n keycloak-test

但它不起作用,我收到了这个错误,

gayan@Gayan:/srv/certs$ sudo kubectl create secret tls my-tls --key="MyKeyTLS.key" --cert="MyCertTLS.crt" -n keycloak-test
[sudo] password for gayan:                 
error: failed to create secret Post "http://localhost:8080/api/v1/namespaces/keycloak-test/secrets?fieldManager=kubectl-create&fieldValidation=Strict": dial tcp 127.0.0.1:8080: connect: connection refused

注意:
MiniKube 正在运行...
并且 Ingress 插件也已启用...
我已经创建了一个名为 keycloak-test 的命名空间。

gayan@Gayan:/srv/keycloak$ kubectl get namespaces
NAME                   STATUS   AGE
default                Active   3d19h
ingress-nginx          Active   119m
keycloak-test          Active   4m12s
kube-node-lease        Active   3d19h
kube-public            Active   3d19h
kube-system            Active   3d19h
kubernetes-dashboard   Active   3d19h

我正在尝试解决这个错误。但我不知道为什么会出现这个错误,正在寻找来自社区的解决方案。

英文:

I am new to Kubernetes. I just trying to create a tls secret using kubectl. My ultimate goal is deploy a keycloak cluster in kubernetes.

So I follow this youtube tutorial. But in this tutorial doesn't mention how to generate my own tls key and tls cert. So to do that I use this documentation (https://www.linode.com/docs/guides/create-a-self-signed-tls-certificate/).

Then I could generate MyCertTLS.crt and MyKeyTLS.key
<pre><font color="#8AE234"><b>gayan@Gayan</b></font>:<font color="#729FCF"><b>/srv</b></font>$ cd certs
<font color="#8AE234"><b>gayan@Gayan</b></font>:<font color="#729FCF"><b>/srv/certs</b></font>$ ls
MyCertTLS.crt MyKeyTLS.key
</pre>

To create secret key for the kubernetes, I ran this command

sudo kubectl create secret tls my-tls --key=&quot;MyKeyTLS.key&quot; --cert=&quot;MyCertTLS.crt&quot; -n keycloak-test

But It's not working, I got this error,
<pre><font color="#8AE234"><b>gayan@Gayan</b></font>:<font color="#729FCF"><b>/srv/certs</b></font>$ sudo kubectl create secret tls my-tls --key=&quot;MyKeyTLS.key&quot; --cert=&quot;MyCertTLS.crt&quot; -n keycloak-test
[sudo] password for gayan:
error: failed to create secret Post &quot;http://localhost:8080/api/v1/namespaces/keycloak-test/secrets?fieldManager=kubectl-create&amp;fieldValidation=Strict&quot;: dial tcp 127.0.0.1:8080: connect: connection refused
</pre>

<B>Note</B>: <br>
MiniKube is Running...<br>
And Ingress Addon also enabled...<br>
I have created a namespace called keycloak-test.
<pre><font color="#8AE234"><b>gayan@Gayan</b></font>:<font color="#729FCF"><b>/srv/keycloak</b></font>$ kubectl get namespaces
NAME STATUS AGE
default Active 3d19h
ingress-nginx Active 119m
keycloak-test Active 4m12s
kube-node-lease Active 3d19h
kube-public Active 3d19h
kube-system Active 3d19h
kubernetes-dashboard Active 3d19h
</pre>

I am trying to fix this error. But I have no idea why I get this, looking for a solution from the genius community.

答案1

得分: 1

I figured this out! I posted this, because this may helpful for someone.

I am getting that error,

error: failed to create secret Post "http://localhost:8080/api/v1/namespaces/keycloak-test/secrets?fieldManager=kubectl-create&fieldValidation=Strict": dial tcp 127.0.0.1:8080: connect: connection refused

Because my kubernetes api-server is running on a different port.

You can view what port your kubernetes api-server is running by running this command,

kubectl config view

Then for example, if you can see server: localhost:40475 like that, It's mean your server running on port 40475.

And kubernetes default port is 8443

Then you should mention the correct port on your kubectl command to create the secret.

So, I add --server=https://localhost:40475 to my command.

kubectl create secret tls my-tls --key="tls.key" --cert="tls.crt" -n keycloak-test --server=https://localhost:40475

And another thing, if you getting error like permission denied

You have to change the ownership of your tls.key file and tls.crt file.

I did this by running these commands,

sudo chmod 666 tls.crt

sudo chmod 666 tls.key

Then you should run above kubectl command, without sudo! It works !!!!!! If you run that command with sudo, It will ask username and passwords and it confused me and it did not work.

So, by doing this way, I solved this issue! Hope this will help to someone!!! Thanks!

英文:

I figured this out! I posted this, because this may helpful for someone.

I am getting that error,

error: failed to create secret Post &quot;http://localhost:8080/api/v1/namespaces/keycloak-test/secrets?fieldManager=kubectl-create&amp;fieldValidation=Strict&quot;: dial tcp 127.0.0.1:8080: connect: connection refused

Because my kubernetes api-server is running on a different port.

You can view what port your kubernetes api-server is running by running this command,

kubectl config view

Then for example, if you can see server: localhost:40475 like that, It's mean your server running on port 40475.

And kubernetes default port is 8443

Then you should mention the correct port on your kubectl command to create the secret.

So, I add --server=https://localhost:40475 to my command.

kubectl create secret tls my-tls --key=&quot;tls.key&quot; --cert=&quot;tls.crt&quot; -n keycloak-test --server=https://localhost:40475

And another thing, if you getting error like permission denied

You have to change the ownership of your tls.key file and tls.crt file.

I did this by running these commands,

sudo chmod 666 tls.crt

sudo chmod 666 tls.key

Then you should run above kubectl command, without sudo! It works !!!!!!
If you run that command with sudo, It will ask username and passwords and it confused me and it did not work.

So, by doing this way, I solved this issue!
Hope this will help to someone!!! Thanks!

答案2

得分: 1

在你的示例中,kubectl get namespaces 是可以工作的,但是 sudo kubectl create secret 不行。

在使用 Kubernetes 时,你不需要 sudo。具体来说,连接信息默认存储在 $HOME/.kube/config 文件中,但是当你使用 sudo kubectl ... 时,会改变家目录,导致无法找到连接信息。

标准的 Kubernetes 假设是集群是远程的,所以你的本地用户ID对它并不重要。唯一重要的是访问集群的用户被分配的 Kubernetes 特定权限。

英文:

In your examples, kubectl get namespaces works, but sudo kubectl create secret doesn't.

You don't need sudo to work with Kubernetes. In particular, the connection information is stored in a $HOME/.kube/config file by default, but when you sudo kubectl ..., that changes the home directory and you can't find the connection information.

The standard Kubernetes assumption is that the cluster is remote, and so your local user ID doesn't really matter to it. All that does matter is the Kubernetes-specific permissions assigned to the user that's accessing the cluster.

huangapple
  • 本文由 发表于 2023年2月6日 15:21:15
  • 转载请务必保留本文链接:https://go.coder-hub.com/75358381.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定